2019-05-30 08:17:47,175 [cuckoo] WARNING: It appears that you haven't loaded any Cuckoo Signatures. Signatures are highly recommended and improve & enrich the information extracted during an analysis. They also make up for the analysis score that you see in the Web Interface - so, pretty important!
2019-05-30 08:17:47,175 [cuckoo] WARNING: You'll be able to fetch all the latest Cuckoo Signaturs, Yara rules, and more goodies by running the following command:
2019-05-30 08:17:47,176 [cuckoo] INFO: $ cuckoo community

Install Python 2.7 and make sure it is added to your path. Transfer agent.py to the guest machine; it can be found in the ~/.cuckoo/agent/ directory. I then ran python agent.py and took a snapshot. This way, when Cuckoo loads the snapshot, the agent is already running and ready to go.

Install Volatility if you intend on performing memory forensics. For this, follow their installation instructions here.

That's about it for the guest. Next step is to analyze some malware.

Analyze Malware

Let's analyze some malware now. For this I will be using Doublepulsar-1.3.1.exe and Eternalblue-2.2.0.exe. The first step is to submit the executables. You can get these files here on GitHub.

I know that looks like a lot, and it is. You can trim some of that down by omitting the -d. However, it does give us a bit more insight. For example, if the guest and host cannot connect, you will see that here.

This is cool and all, but we want data! Information about what just happened can be found in ~/.cuckoo/storage/analyses. Since I submitted Doublepulsar-1.3.1.exe first, its results are in ~/.cuckoo/storage/analyses/1, making ~/.cuckoo/storage/analyses/2 the results for Eternalblue-2.2.0.exe.
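
To see which numbered directory belongs to which sample without opening each one, the script below walks the analyses directory and summarizes every report. It is an added example, not part of the original post or of Cuckoo itself. It assumes Python 3 on the host and the Cuckoo 2.x layout of `<task id>/reports/report.json` with `info.score`, `target.file.name` and `signatures` keys; the sample tree, scores and signature name are constructed.

```python
import json
import os
import tempfile


def summarize_analyses(root):
    """Summarize each numbered task directory under storage/analyses."""
    rows = []
    # Non-numeric entries (assumed: a "latest" link) are skipped.
    for task in sorted(int(n) for n in os.listdir(root) if n.isdigit()):
        path = os.path.join(root, str(task), "reports", "report.json")
        if not os.path.isfile(path):
            # Still running, or processing failed before a report was written.
            rows.append({"task": task, "status": "no report"})
            continue
        with open(path, encoding="utf-8") as fh:
            report = json.load(fh)
        rows.append({
            "task": task,
            "status": "reported",
            "file": report.get("target", {}).get("file", {}).get("name"),
            "score": report.get("info", {}).get("score"),
            "signatures": sorted(s.get("name", "?") for s in report.get("signatures", [])),
        })
    return rows


def tasks_without_signatures(rows):
    """Reported tasks with no signature hits, e.g. when no signatures are loaded."""
    return [r["task"] for r in rows if r["status"] == "reported" and not r["signatures"]]


def write_constructed_sample(root):
    """Write a constructed tree: two reports, one unfinished task, one 'latest' entry."""
    reports = {
        1: {"info": {"score": 0}, "target": {"file": {"name": "Doublepulsar-1.3.1.exe"}}, "signatures": []},
        2: {"info": {"score": 1.2}, "target": {"file": {"name": "Eternalblue-2.2.0.exe"}},
            "signatures": [{"name": "constructed_example_signature"}]},
    }
    for task, report in reports.items():
        os.makedirs(os.path.join(root, str(task), "reports"))
        with open(os.path.join(root, str(task), "reports", "report.json"), "w", encoding="utf-8") as fh:
            json.dump(report, fh)
    os.makedirs(os.path.join(root, "3"))       # task with no report yet
    os.makedirs(os.path.join(root, "latest"))  # stand-in for the "latest" link


if __name__ == "__main__":
    sample_root = tempfile.mkdtemp()
    write_constructed_sample(sample_root)
    for row in summarize_analyses(sample_root):
        print(row)
```

Against a real install, pass `os.path.expanduser("~/.cuckoo/storage/analyses")` to `summarize_analyses`. If every reported task shows up in `tasks_without_signatures`, check whether the signature warning from the startup log still applies.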